Researchers discovered a new Android banking malware named Massiv that disguises itself as an IPTV app to steal digital identities and access online banking accounts. In a campaign observed by ThreatFabric, Massiv targeted a Portuguese government app integrated with Chave Móvel Digital and used screen overlays, keylogging, MediaProjection and Accessibility-based UI-tree control to bypass protections, open fraudulent accounts, and enable money laundering and account takeovers.
Key points
- Massiv masquerades as an IPTV app to trick users into sideloading a malware dropper.
- It captures credentials via screen overlays and keylogging and can remotely control devices.
- The malware targeted a Portuguese app tied to Chave Móvel Digital, risking KYC bypass and identity theft.
- Operators use two remote modes: MediaProjection live-streaming and an Accessibility-based UI-tree for scripted interactions.
- IPTV-themed lures are rising; users should install apps only from official stores and keep Play Protect enabled.